Some business owners operate under the belief that as long as their firm or business isn't the victim of a successful cyberattack they won't face any consequences for failing to comply with required rules and regulations. As the Federal Trade Commission's announcement this morning of a settlement with Medable, Inc., shows, however, that isn't the case.
The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $42,530.
With the California Consumer Privacy Act (CCPA) entering into force in January 2020, it's important business owners ensure they are compliant with it and other regulations. Businesses don't need to be the victim of an attack or catastrophe to face consequences for failing to maintain compliance.